Promptbuddy Lite

Security checks across malware telemetry and agentic risk

Overview

This is mostly a local prompt optimizer, but it needs Review because its wrapper can automatically rewrite broad chat input, store local feedback state, and invoke an undeclared helper skill.

Install only if you want a broad prompt-rewriting preprocessor, not just a manual helper command. Review the sudo installer, the always-on preprocessing behavior, and the promptbuddy-optimizer feedback integration before enabling it.

SkillSpector

By NVIDIA
Vulnerability Patterns
  • Trigger Abuse: Overly Broad Trigger, Shadow Command Trigger, Keyword Baiting Trigger
  • MCP Tool Poisoning: Hidden Instructions, Unicode Deception, Parameter Description Injection
  • Prompt Injection: Instruction Override, Hidden Instructions, Exfiltration Commands
  • Data Exfiltration: External Transmission, Env Variable Harvesting, File System Enumeration
  • Privilege Escalation: Excessive Permissions, Sudo/Root Execution, Credential Access
Findings (2)

Intent-Code Divergence

Medium (86% confidence)
Finding
The script performs stateful actions beyond simple preprocessing: it persistently changes a preference file in the user's home directory and records feedback based on bare inputs of '1' or '2', all under a design described as fully automatic and without confirmation. In an agent skill context, hidden persistence and ambiguous command interception can cause unintended behavior, silent preference changes, and undisclosed collection of interaction metadata.

Vague Triggers

Medium (88% confidence)
Finding
The intent-matching trigger phrases are very broad words such as common question forms and task words, which can easily match ordinary user requests that were not asking for a reasoning scaffold or a specific prompt transformation. In a prompt-rewriting skill, this can misclassify user intent and systematically alter prompts in ways the user did not request, reducing reliability and potentially introducing unsafe or misleading model behavior downstream.

VirusTotal

65/65 vendors flagged this skill as clean.
